CVE-2024-1048: grub2-set-bootflag may be abused to fill up /boot, bypass RLIMIT_NPROC

Open Source Security

Posted by Solar Designer on Feb 06

Hi,

Summary:

This message is about issues in grub-set-bootflag.c commonly installed
as grub2-set-bootflag, which is Red Hat’s addition (not part of upstream
GRUB project) used at least in Fedora and RHEL and its downstreams. It
is a SUID root program. I think its latest development source code is
currently located in this branch:

https://github.com/rhboot/grub2/tree/fedora-40

On non-OSTree distros, this program’s purpose appears…